urlscan.io logo urlscan.io
SecurityTrails logo

api.payaconnect.com Open in urlscan Pro
18.235.176.17  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://www.ynispayments.com/
Effective URL: https://api.payaconnect.com/hostedpaymentpage?id=11ef1777349aaab6b02e03e9&data=U2FsdGVkX18xMWVmMTc3N6ozJsFgellvHK%2FoSN8lVdw...
Submission: On October 01 via manual — Scanned from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 1 countries across 5 domains to perform 8 HTTP transactions. The main IP is 18.235.176.17, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is api.payaconnect.com. The Cisco Umbrella rank of the primary domain is 583279.
TLS certificate: Issued by Amazon RSA 2048 M02 on August 16th 2024. Valid for: a year.
This is the only time api.payaconnect.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 3.33.251.168 16509 (AMAZON-02)
3 18.235.176.17 14618 (AMAZON-AES)
1 74.125.192.104 15169 (GOOGLE)
1 74.125.192.94 15169 (GOOGLE)
2 74.125.192.106 15169 (GOOGLE)
1 208.215.218.15 63148 (QTI)
8 5
1    3.33.251.168 (United States)

ASN16509 (AMAZON-02, US)
PTR: aec037177372cc6cd.awsglobalaccelerator.com
www.ynispayments.com
3    18.235.176.17 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-235-176-17.compute-1.amazonaws.com
api.payaconnect.com
1    74.125.192.104 (United States)

ASN15169 (GOOGLE, US)
PTR: qn-in-f104.1e100.net
www.google.com
1    74.125.192.94 (United States)

ASN15169 (GOOGLE, US)
PTR: qn-in-f94.1e100.net
www.gstatic.com
2    74.125.192.106 (United States)

ASN15169 (GOOGLE, US)
PTR: qn-in-f106.1e100.net
www.google.com
1    208.215.218.15 (Griffin, United States)

ASN63148 (QTI, US)
PTR: www.promoplace.com
www.younameitspecialties.com
Apex Domain
Subdomains		 Transfer
3 google.com
www.google.com — Cisco Umbrella Rank: 3
1002 B
3 payaconnect.com
api.payaconnect.com — Cisco Umbrella Rank: 583279
16 KB
1 younameitspecialties.com
www.younameitspecialties.com
72 KB
1 gstatic.com
www.gstatic.com
213 KB
1 ynispayments.com
www.ynispayments.com
464 B
8 5
Domain Requested by
3 www.google.com api.payaconnect.com
www.gstatic.com
3 api.payaconnect.com api.payaconnect.com
1 www.younameitspecialties.com
1 www.gstatic.com www.google.com
1 www.ynispayments.com 1 redirects
8 5

This site contains no links.

Subject Issuer Validity Valid
*.payaconnect.com
Amazon RSA 2048 M02		 2024-08-16 -
2025-09-13		 a year crt.sh
*.google.com
WR2		 2024-08-26 -
2024-11-18		 3 months crt.sh
*.gstatic.com
WR2		 2024-08-26 -
2024-11-18		 3 months crt.sh
www.younameitspecialties.com
R10		 2024-09-20 -
2024-12-19		 3 months crt.sh

This page contains 3 frames:

Primary Page: https://api.payaconnect.com/hostedpaymentpage?id=11ef1777349aaab6b02e03e9&data=U2FsdGVkX18xMWVmMTc3N6ozJsFgellvHK%2FoSN8lVdwd9XYAOrACOCKx8l6RMRjxj%2FYHuq5n55coUKWB0Uqpjg%3D%3D
Frame ID: 395885D9275BEC35DDF47D555242EF56
Requests: 6 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Lf04jsiAAAAAPMsKKbqPRBtoq0zoOZkbSmPZswc&co=aHR0cHM6Ly9hcGkucGF5YWNvbm5lY3QuY29tOjQ0Mw..&hl=en&v=xds0rzGrktR88uEZ2JUvdgOY&size=normal&cb=ot7ckrmuwqmq
Frame ID: 8EF8AB8D25F6514733865E4E74947F77
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=xds0rzGrktR88uEZ2JUvdgOY&k=6Lf04jsiAAAAAPMsKKbqPRBtoq0zoOZkbSmPZswc
Frame ID: 0DDF5EDE36F5786759BDBE262B19EFD1
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://www.ynispayments.com/ HTTP 307
    https://www.ynispayments.com/ HTTP 301
    https://api.payaconnect.com/hostedpaymentpage?id=11ef1777349aaab6b02e03e9&data=U2FsdGVkX18xMWVmMTc3N6ozJ... Page URL

Page Statistics

8
Requests

100 %
HTTPS

0 %
IPv6

5
Domains

5
Subdomains

5
IPs

1
Countries

301 kB
Transfer

672 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://www.ynispayments.com/ HTTP 307
    https://www.ynispayments.com/ HTTP 301
    https://api.payaconnect.com/hostedpaymentpage?id=11ef1777349aaab6b02e03e9&data=U2FsdGVkX18xMWVmMTc3N6ozJsFgellvHK%2FoSN8lVdwd9XYAOrACOCKx8l6RMRjxj%2FYHuq5n55coUKWB0Uqpjg%3D%3D Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request hostedpaymentpage
api.payaconnect.com/
Redirect Chain
  • http://www.ynispayments.com/
  • https://www.ynispayments.com/
  • https://api.payaconnect.com/hostedpaymentpage?id=11ef1777349aaab6b02e03e9&data=U2FsdGVkX18xMWVmMTc3N6ozJsFgellvHK%2FoSN8lVdwd9XYAOrACOCKx8l6RMRjxj%2FYHuq5n55coUKWB0Uqpjg%3D%3D
51 KB
12 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://api.payaconnect.com/hostedpaymentpage?id=11ef1777349aaab6b02e03e9&data=U2FsdGVkX18xMWVmMTc3N6ozJsFgellvHK%2FoSN8lVdwd9XYAOrACOCKx8l6RMRjxj%2FYHuq5n55coUKWB0Uqpjg%3D%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.235.176.17 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-235-176-17.compute-1.amazonaws.com
Software
/
Resource Hash
ae92d2ac8647bffd5009f6dc4d753d037ba22a6cc3f15df200570ffb13a96984
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
Origin, X-Requested-With, X-HTTP-Method-Override, Content-Type, Accept, developer-id, access-token
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
no-store no-cache
content-encoding
gzip
content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';
content-type
text/html; charset=UTF-8
date
Tue, 01 Oct 2024 03:31:36 GMT
expect-ct
max-age=86400
server
strict-transport-security
max-age=63072000; includeSubDomains
vary
Accept,Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
1; mode=block

Redirect headers

Connection
close
Content-Length
214
Content-Type
text/html; charset=utf-8
Date
Tue, 01 Oct 2024 03:31:36 GMT
Location
https://api.payaconnect.com/hostedpaymentpage?id=11ef1777349aaab6b02e03e9&data=U2FsdGVkX18xMWVmMTc3N6ozJsFgellvHK%2FoSN8lVdwd9XYAOrACOCKx8l6RMRjxj%2FYHuq5n55coUKWB0Uqpjg%3D%3D
Server
ip-10-124-5-60.us-west-2.compute.internal
Vary
Accept-Encoding
X-Request-Id
159b9d5a-4217-41f6-b23f-af0a33b585ba
hosted-payment-page.css
api.payaconnect.com/css/ 		9 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://api.payaconnect.com/css/hosted-payment-page.css
Requested by
Host: api.payaconnect.com
URL: https://api.payaconnect.com/hostedpaymentpage?id=11ef1777349aaab6b02e03e9&data=U2FsdGVkX18xMWVmMTc3N6ozJsFgellvHK%2FoSN8lVdwd9XYAOrACOCKx8l6RMRjxj%2FYHuq5n55coUKWB0Uqpjg%3D%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.235.176.17 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-235-176-17.compute-1.amazonaws.com
Software
/
Resource Hash
4cdd3efd5ae994e582c2bd18c403853be1ab1693912896fc76bbf23fd5241571
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://api.payaconnect.com/hostedpaymentpage?id=11ef1777349aaab6b02e03e9&data=U2FsdGVkX18xMWVmMTc3N6ozJsFgellvHK%2FoSN8lVdwd9XYAOrACOCKx8l6RMRjxj%2FYHuq5n55coUKWB0Uqpjg%3D%3D

Response headers

strict-transport-security
max-age=63072000; includeSubDomains
content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';
cache-control
no-store
content-encoding
gzip
etag
"240a-621f020c65380-gzip"
expect-ct
max-age=86400
x-content-type-options
nosniff
accept-ranges
bytes
content-length
2293
date
Tue, 01 Oct 2024 03:31:36 GMT
x-xss-protection
1; mode=block
content-type
text/css
last-modified
Thu, 12 Sep 2024 18:18:06 GMT
server
vary
Accept-Encoding
enterprise.js
www.google.com/recaptcha/ 		1 KB
1002 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/enterprise.js?render=explicit
Requested by
Host: api.payaconnect.com
URL: https://api.payaconnect.com/hostedpaymentpage?id=11ef1777349aaab6b02e03e9&data=U2FsdGVkX18xMWVmMTc3N6ozJsFgellvHK%2FoSN8lVdwd9XYAOrACOCKx8l6RMRjxj%2FYHuq5n55coUKWB0Uqpjg%3D%3D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
74.125.192.104 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
qn-in-f104.1e100.net
Software
ESF /
Resource Hash
5620e62e0f92c56ca9827cef87364b9a715287beeaf1d309672657bff847cc94
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://api.payaconnect.com/

Response headers

cache-control
private, max-age=300
content-encoding
gzip
cross-origin-resource-policy
cross-origin
report-to
{"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
x-content-type-options
nosniff
expires
Tue, 01 Oct 2024 03:31:37 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cross-origin-opener-policy-report-only
same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
date
Tue, 01 Oct 2024 03:31:37 GMT
x-xss-protection
0
content-type
text/javascript; charset=utf-8
server
ESF
x-frame-options
SAMEORIGIN
recaptcha__en.js
www.gstatic.com/recaptcha/releases/xds0rzGrktR88uEZ2JUvdgOY/ 		539 KB
213 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/recaptcha/releases/xds0rzGrktR88uEZ2JUvdgOY/recaptcha__en.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise.js?render=explicit
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
74.125.192.94 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
qn-in-f94.1e100.net
Software
sffe /
Resource Hash
b5e8ec5d4dcc080657deb2d004f65d974bf4ec9e9aa5d621e10749182fff8731
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://api.payaconnect.com
Referer
https://api.payaconnect.com/

Response headers

content-encoding
gzip
age
29959
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
x-content-type-options
nosniff
expires
Tue, 30 Sep 2025 19:12:18 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 30 Sep 2024 19:12:18 GMT
last-modified
Mon, 23 Sep 2024 04:00:50 GMT
content-type
text/javascript
vary
Accept-Encoding
cache-control
public, max-age=31536000
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
accept-ranges
bytes
access-control-allow-origin
*
content-length
218137
x-xss-protection
0
server
sffe
anchor
www.google.com/recaptcha/enterprise/ Frame 8EF8 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Lf04jsiAAAAAPMsKKbqPRBtoq0zoOZkbSmPZswc&co=aHR0cHM6Ly9hcGkucGF5YWNvbm5lY3QuY29tOjQ0Mw..&hl=en&v=xds0rzGrktR88uEZ2JUvdgOY&size=normal&cb=ot7ckrmuwqmq
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/xds0rzGrktR88uEZ2JUvdgOY/recaptcha__en.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
74.125.192.106 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
qn-in-f106.1e100.net
Software
ESF /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-tvUb9dI2KD5ObeJT_s7TUA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://api.payaconnect.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-tvUb9dI2KD5ObeJT_s7TUA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy-report-only
same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
cross-origin-resource-policy
cross-origin
date
Tue, 01 Oct 2024 03:31:38 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
server
ESF
x-content-type-options
nosniff
x-xss-protection
0
Pic
www.younameitspecialties.com/we/we.dll/ 		71 KB
72 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.younameitspecialties.com/we/we.dll/Pic?UN=7877&F=C&T=801&Age=1427660593
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_CBC
Server
208.215.218.15 Griffin, United States, ASN63148 (QTI, US),
Reverse DNS
www.promoplace.com
Software
/
Resource Hash
b317be2518154f1e3faa326eb4e56844a6403a0af907e0f475fff5893932229a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://api.payaconnect.com/

Response headers

Cache-Control
max-age=1209600,public
Content-Length
73184
Date
Tue, 01 Oct 2024 03:31:38 GMT
Content-Type
image/png
SERVER
ServerID
2
favicon.ico
api.payaconnect.com/ 		318 B
779 B 		Other
General
Check archive.org
Download Go to
Full URL
https://api.payaconnect.com/favicon.ico
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.235.176.17 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-235-176-17.compute-1.amazonaws.com
Software
/
Resource Hash
66332859bd8e3441a019e073a318b62a47014ba244121301034b510dc7532271
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://api.payaconnect.com/hostedpaymentpage?id=11ef1777349aaab6b02e03e9&data=U2FsdGVkX18xMWVmMTc3N6ozJsFgellvHK%2FoSN8lVdwd9XYAOrACOCKx8l6RMRjxj%2FYHuq5n55coUKWB0Uqpjg%3D%3D

Response headers

strict-transport-security
max-age=63072000; includeSubDomains
content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';
cache-control
no-store
etag
"13e-621f020c65380"
expect-ct
max-age=86400
x-content-type-options
nosniff
accept-ranges
bytes
content-length
318
date
Tue, 01 Oct 2024 03:31:39 GMT
x-xss-protection
1; mode=block
content-type
image/vnd.microsoft.icon
last-modified
Thu, 12 Sep 2024 18:18:06 GMT
server
bframe
www.google.com/recaptcha/enterprise/ Frame 0DDF 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=xds0rzGrktR88uEZ2JUvdgOY&k=6Lf04jsiAAAAAPMsKKbqPRBtoq0zoOZkbSmPZswc
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/xds0rzGrktR88uEZ2JUvdgOY/recaptcha__en.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
74.125.192.106 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
qn-in-f106.1e100.net
Software
ESF /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-6cHwX6Psz57hieqz3KVUzg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://api.payaconnect.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-6cHwX6Psz57hieqz3KVUzg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy-report-only
same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
cross-origin-resource-policy
cross-origin
date
Tue, 01 Oct 2024 03:31:39 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
server
ESF
x-content-type-options
nosniff
x-xss-protection
0

Verdicts & Comments Add Verdict or Comment

56 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 string| siteKey object| databag string| url boolean| isCC object| productTransaction object| productTerminals object| errorArray object| exp_months object| exp_years number| year number| redirect_url_delay number| parent_send_message object| data function| setForm function| setConfirmAccError function| removeConfirmAccError function| validateAccountFields function| handleAccountNumber function| setArea function| fillInGaps function| createField function| createFieldElement function| updateSurchargeInformation function| removeHasErrorFromAccountNumber function| setColClass function| assignValue function| setValue function| checkRequired function| updateRequired function| checkIsCompany function| checkSecCodesOptions function| runTransaction function| toggleLoadingButton function| disableSubmitButton function| preSubmitValidation function| buildSurchargeTransaction function| handleTransactionResponse function| formatResponseObject function| sendTransaction function| hideHPPForm function| setErrors function| setResponseData function| clearErrors function| removeHasError function| closeTransaction function| disableEnableButtons function| createSelectOptions object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client object| recaptcha object| closure_lm_625821

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block